Subject: whoami /priv
From: John Beckett

I'm trying to understand the output of 'whoami /priv'. For example, for a member of Administrators:

```
C:\> whoami /priv
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeSecurityPrivilege = Manage auditing and security log
...(other lines omitted)...
```

Apparently:

- (X) means I have that right, and it is enabled.
- (O) means I have that right, but it is currently disabled.

If I ran a program to manage auditing, that program should:

- Enable SeSecurityPrivilege (abort if error).
- Manage auditing.
- Disable SeSecurityPrivilege to restore the setting, when finished.

I understand "defense in depth", and the common sense of only switching the safety catch off when you need to use the gun, but is there any more behind the reason that most privileges are disabled?

I'm wondering if there is a scenario that provides a real security benefit from having various privileges disabled (apart from requiring malware to have an extra couple of lines of code to first enable the privilege). Perhaps if I spawn a process or thread, that process or thread would default to NOT have the privilege under some circumstances??

John

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
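As an added example (not part of John's post or the BBS archive), here is a small Python parser for the (X)/(O) layout quoted above and for the tabular layout that current whoami.exe prints, with a check that reports which sensitive privileges a token has actually enabled rather than merely holding. A privilege shown as (O)/Disabled is held but inert until the process adjusts its own token, so an Enabled state on a sensitive privilege is what a defender reviewing this output wants to notice; the sample outputs and the watch-list of privileges are constructed assumptions.

```python
import re

# Constructed sample in the legacy (X)/(O) layout the post quotes.
LEGACY_SAMPLE = """\
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(O) SeSecurityPrivilege = Manage auditing and security log
(O) SeBackupPrivilege = Back up files and directories
"""

# Constructed sample in the tabular layout current whoami.exe prints.
MODERN_SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name            Description                       State
========================= ================================= ========
SeChangeNotifyPrivilege   Bypass traverse checking          Enabled
SeSecurityPrivilege       Manage auditing and security log  Disabled
SeDebugPrivilege          Debug programs                    Enabled
"""

LEGACY = re.compile(r"^\((X|O)\)\s+(Se\w+Privilege)\s*=\s*(.*?)\s*$")
MODERN = re.compile(r"^(Se\w+Privilege)\s+(.*?)\s+(Enabled|Disabled)\s*$")

def parse_whoami_priv(text):
    """Return {privilege: (description, enabled)} from either layout.
    Privileges absent from the output are not held by the token at all;
    this only distinguishes held-and-enabled from held-but-disabled."""
    privs = {}
    for line in text.splitlines():
        m = LEGACY.match(line)
        if m:
            privs[m.group(2)] = (m.group(3), m.group(1) == "X")
            continue
        m = MODERN.match(line)
        if m:
            privs[m.group(1)] = (m.group(2), m.group(3) == "Enabled")
    return privs

# Privileges normally expected to be held-but-disabled in an interactive
# token; Enabled here means code in the process already adjusted its token.
# The watch-list is an assumption, not something whoami reports.
SENSITIVE = {"SeDebugPrivilege", "SeSecurityPrivilege", "SeBackupPrivilege",
             "SeRestorePrivilege", "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege"}

def enabled_sensitive(text):
    """Sorted names of watch-listed privileges that are enabled, not just held."""
    privs = parse_whoami_priv(text)
    return sorted(p for p, (_, on) in privs.items() if on and p in SENSITIVE)

if __name__ == "__main__":
    for label, sample in (("legacy", LEGACY_SAMPLE), ("modern", MODERN_SAMPLE)):
        print(label, enabled_sensitive(sample))
```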
SOURCE: echomail via fidonet.ozzmosis.com